Source: Kentucky.com -- Education
A lawsuit seeking tuition and fee refunds for University of Kentucky students enrolled during the spring 2020 semester was allowed by a judge to partially go forward on Wednesday. University … Click to Continue »
Source: OSNews
Corellium, a mobile device company that supports iOS, this week won a significant victory in its legal battle against Apple. Apple last year sued Corellium for copyright infringement because the Corellium software is designed to replicate iOS to allow security researchers to locate bugs and security flaws.
According to The Washington Post, a Florida judge threw out Apple’s claims that Corellium had violated copyright law with its software. The judge said that Corellium successfully demonstrated that it operates under fair use terms.
A very unlikely victory, considering the massive financial means difference between these two companies. A good one, though – this was just the world’s largest corporation being annoyed a small upstart made their products look bad by giving security researchers the tools they need to find bugs and security flaws in iOS.
Being annoyed your forced Uighur-labour brand might get tarnished should not be grounds for a legal case.
Source: Ars Technica
Enlarge (credit: Bruce Bennett/Getty Images)
After months of uncertainty, corporations and hobbyists alike finally have a set of drone guidelines from the Federal Aviation Administration. The final rules are a step back from some proposed restrictions, as they will allow flights over crowds and some nighttime operations. But all drones weighing over 0.25kg (0.55lb) will need to have a unique Remote ID, as will smaller drones that are flown over crowds.
One proposal that didn't make the final cut would have required Remote ID to connect over the Internet to a location-tracking database so drone operations could be monitored in real time by the FAA (and law enforcement). The FAA believes that Remote ID, which will locally transmit the location of both drone and "control stations," meets the needs of national security and law enforcement.
"These final rules carefully address safety, security and privacy concerns while advancing opportunities for innovation and utilization of drone technology," said US Secretary of Transportation Elaine L. Chao in a press release.
Read 5 remaining paragraphs | Comments
Source: Hacker News
Source: Hacker News
Source: adafruit industries blog
How Amazon Wins: By Steamrolling Rivals and Partners –
At its height about a decade ago, Pirate Trading LLC was selling more than $3.5 million a year of its Ravelli-brand camera tripods—one of its bestselling products—on Amazon, said owner Dalen Thomas.
In 2011, Amazon began launching its own versions of six of Pirate Trading’s top-selling tripods under its AmazonBasics label, he said. Mr. Thomas ordered one of the Amazon tripods and found it had the same components and shared Pirate Trading’s design. For its AmazonBasics products, Amazon used the same manufacturer that Pirate Trading had used.
…
Several Amazon sellers said they have received notifications from Amazon, which has been battling fraud and fake goods on its platform, that say their products are used or counterfeit. Amazon suspends their selling accounts until they can prove that the products are legitimate, which can cause big sellers to lose tens of thousands of dollars each day, they said.
To turn their accounts back on, Amazon often requests that the sellers provide details on who manufactures their product along with invoices from the manufacturer so that Amazon can verify authenticity. Several sellers told the Journal they provided those details to Amazon to get their accounts reinstated, only for Amazon to introduce its own version of their products using the same manufacturer.
Source: Hacker News
Source: Schneier on Security
The New York Times has more details.
About 18,000 private and government users downloaded a Russian tainted software update – a Trojan horse of sorts – that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.
Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker.
It’s unlikely that the SVR (a successor to the KGB) penetrated all of those networks. But it is likely that they penetrated many of the important ones. And that they have buried themselves into those networks, giving them persistent access even if this vulnerability is patched. This is a massive intelligence coup for the Russians and failure for the Americans, even if no classified networks were touched.
Meanwhile, CISA has directed everyone to remove SolarWinds from their networks. This is (1) too late to matter, and (2) likely to take many months to complete. Probably the right answer, though.
This is almost too stupid to believe:
In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds’ computers through underground forums, according to two researchers who separately had access to those forums.
One of those offering claimed access over the Exploit forum in 2017 was known as “fxmsp” and is wanted by the FBI “for involvement in several high-profile incidents,” said Mark Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company’s clients, which include U.S. law enforcement agencies.
Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”
“This could have been done by any attacker, easily,” Kumar said.
Neither the password nor the stolen access is considered the most likely source of the current intrusion, researchers said.
That last sentence is important, yes. But the sloppy security practice is likely not an isolated incident, and speaks to the overall lack of security culture at the company.
And I noticed that SolarWinds has removed its customer page, presumably as part of its damage control efforts. I quoted from it. Did anyone save a copy?
EDITED TO ADD: Both the Wayback Machine and Brian Krebs have saved the SolarWinds customer page.
Source: Ars Technica
Enlarge (credit: Sean Gallup | Getty Images)
Two separate coalitions of states have filed massive antitrust lawsuits against Google in the past 24 hours, alleging that the company abuses its extensive power to force would-be competitors out of the marketplace and harms consumers in the process.
Texas Attorney General Ken Paxton spearheaded the first suit, which nine other states also signed onto. The second suit is led by Colorado Attorney General Phil Weiser and Nebraska Attorney General Doug Peterson, and an additional 36 states and territories signed on.
Antitrust law isn't just about a company being an illegal monopoly or even about being the dominant firm in its market sector. Although being a literal monopoly, with no available competition of any kind, can put you on the fast track to investigation, the law has broader concerns. Primarily, antitrust investigations are about anticompetitive behavior—in short, how a company uses its power. If you're a big company because everyone likes your stuff best, well, you're a big company, congratulations. But if you got to be the dominant company by cheating somehow—strong-arming other firms in the supply chain; targeting anticompetitive acquisitions; colluding with other firms to manipulate market conditions, and so on—that's a problem.
Read 21 remaining paragraphs | Comments
Source: Hacker News
